When Windows 7 was released on October 22, 2009, Microsoft made a commitment to provide 10 years of product support. When this 10-year period ends, in less than 5 months, Microsoft will begin to discontinue Win 7 support, especially SECURITY updates. The specific end-of-support day for Win 7 will be January 14, 2020. On that date, technical assistance and software updates that protect your PC will no longer be available, so Microsoft strongly recommends that you move to Windows 10 sometime before then. If you do not, and you have customer applications that are tailored to Win 7, you will have to purchase system support from Microsoft to keep your applications secure.
You can continue to use Win 7, but after support has ended, your PC will become more vulnerable to security risks and viruses. Windows will continue to start and run, but you will no longer receive software updates, including security updates, from Microsoft. You can, however, purchase Extended Security Updates (ESUs). ESU charges begin in 2020, and the price doubles for each successive year that they’re required. There are pricing penalties for companies that choose Windows 7 Pro over Windows 7 Enterprise, presumably to push all corporate users to Microsoft’s top-tier offering.
In 2020, Windows 7 Enterprise support will be $25 per machine. Windows 7 Pro support is $50 per machine. These prices double in year two ($50/$100) and again in year three ($100/$200). There will be no year four. If you decide in year two that you want to opt in, after not paying for year one, you would have to pay the cumulative price for the two years on a per-machine basis. Remember, you cannot buy this protection through Microsoft. You don’t have the Microsoft contract to provide multiple operating system copies. Only your hardware vendor can purchase this support to make your systems secure. After 2022 this all becomes moot as Microsoft ends all support.
One last point to keep in mind: key U.S. oil and gas infrastructure facilities continue to use plant control systems underpinned by Windows XP, an even earlier legacy operating system that Microsoft stopped providing patches and upgrades for back in 2014. No wonder our refineries are getting hacked.
Why do you care?
We care in the E&P industry because many of our equipment vendors are, even today, releasing new products that require Win 7. Please remember that Win 7 was followed in 2012 by Windows 8, which was probably the biggest failure that Microsoft ever had. Windows 8 was Microsoft’s attempt to capture the best of the fading PC market with the increasing popularity of tablets and smartphones. It also used a radically new interface featuring touch-friendly “tiles.” Now, do you know why this was not a big hit on the drill floor?
Windows users found it awkward and unintuitive working with a touchscreen instead of a keyboard and mouse. The company faced a revolt over the decision that got rid of the Start menu introduced with Windows 95. “A colossal blunder” was how many critics characterized Win 8. There was no Windows 9 because Microsoft wanted to make a clean break after Win 8.
What can you do about it?
Talk with your equipment vendors and make sure that none of your server and workstation operating systems are going “end of life”. If you do not have current security updates to your systems, you are highly vulnerable to new threats. Malicious actors are not standing still. Daily, new threats are born, and old threats are evolving to address advanced security measures. It is “magical thinking” to believe you are not vulnerable when you stop upgrading your security. It is “gross negligence” to believe that your Operational Technology (OT) networks are “isolated” and therefore protected from external attack. There are no OT/IT networks in today’s world that are “isolated” from attack. Not even yours!